Access on-premises resources from an Azure AD-joined device in Microsoft 365 Business

10/17/2018

Any Windows 10 device that is Azure Active Directory joined has access to all cloud-based resources, such as your Office 365 apps, and can be protected by Microsoft 365 Business. To also allow access to on-premises resources like line-of-business (LOB) apps, file shares, and printers, you must synchronize your on-premises Active Directory with Azure Active Directory by using Azure AD Connect. See Introduction to device management in Azure Active Directory to learn more.

Run Azure AD Connect

Complete the following steps to enable your organization's Azure AD joined devices to access on-premises resources.

Once the Windows 10 devices are Azure AD joined, each user should reboot their device and log in with their Microsoft 365 Business credentials. All devices will now have access to on-premises resources as well.

No additional steps are required to get access to on-premises resources for Azure AD joined devices. This is built-in functionality available in Windows 10.
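One way to confirm the device state described above, as an added example that is not part of the original article: the PowerShell below parses `dsregcmd /status` output and reports the join state and whether the signed-in user holds a primary refresh token (PRT). The sample output is constructed, and `Get-JoinState` is a hypothetical helper name.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` output.
# The sample text is constructed; on a real device use: $raw = dsregcmd /status
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split "`r?`n"

function Get-JoinState {
    param([string[]]$Lines)
    # Collect "Key : Value" pairs; banner and separator lines do not match.
    $kv = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $kv[$Matches[1]] = $Matches[2] }
    }
    $aad = $kv['AzureAdJoined'] -eq 'YES'
    $dom = $kv['DomainJoined']  -eq 'YES'
    # Later assignments override earlier ones, so the most specific state wins.
    $state = 'Not joined'
    if ($dom)           { $state = 'Domain joined only' }
    if ($aad)           { $state = 'Azure AD joined' }
    if ($aad -and $dom) { $state = 'Hybrid Azure AD joined' }
    [pscustomobject]@{
        JoinState = $state
        # The PRT is issued to the user at sign-in with Azure AD credentials.
        HasPrt    = $kv['AzureAdPrt'] -eq 'YES'
    }
}

$result = Get-JoinState -Lines $sample
$result
if ($result.JoinState -ne 'Azure AD joined' -or -not $result.HasPrt) {
    Write-Warning 'Device is not Azure AD joined with a PRT; check the join and sign-in before testing on-premises access.'
}
```

Run it as the signed-in user rather than from an elevated session under a different account, because the PRT line reflects the user who runs the command.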

Considerations when joining your Windows devices to Azure AD

If you are Azure AD joining a Windows device that has previously been domain-joined or in a workgroup, you need to consider the following limitations:

When a device joins Azure AD, it creates a new user without referencing an existing profile. To fix this, profiles need to be manually migrated. A user profile contains information like favorites, local files, browser settings, Start menu settings, etc. The best approach is to find a third-party tool to map existing files and settings to the new profile.

If the device is using Group Policy Objects (GPO), some GPOs may not have a comparable Configuration Service Provider (CSP) in Intune. Run the MMAT tool to find comparable CSPs for existing GPOs.

Users will not be able to authenticate to applications that depend on Active Directory authentication. To deal with this, evaluate your use of the legacy app and consider updating to an app that uses modern authentication if possible.